lib/repo-pull: return error from signing engine

Return the collected errors from signing engines in case if verification failed for the commit. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2019-12-06 17:18:04 +03:00 · 2019-12-06 17:18:04 +03:00 · 194ab368f2
parent dd27461e22
commit 194ab368f2
1 changed files with 18 additions and 5 deletions
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@ -2005,7 +2005,7 @@ scan_commit_object (OtPullData                 *pull_data,
      gboolean ret = FALSE;
      /* list all signature types in detached metadata and check if signed by any? */
      g_auto (GStrv) names = ostree_sign_list_names();
-      for (char **iter=names; iter && *iter; iter++)
+      for (char **iter=names; !ret && iter && *iter; iter++)
        {
          g_autoptr (OstreeSign) sign = NULL;
          g_autoptr (GError) local_error = NULL;
@ -2023,15 +2023,28 @@ scan_commit_object (OtPullData                 *pull_data,
                                         checksum,
                                         cancellable,
                                         &local_error))
+            {
              ret = TRUE;
-
+              g_clear_error (error);
            }
+
+          /* Save error message for better reason detection later if needed */
          if (!ret)
            {
-          g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                               "Can't verify commit");
+              if (*error == NULL)
+                g_propagate_error (error, g_steal_pointer (&local_error));
+              else
+                g_prefix_error (error, "%s; ", local_error->message);
+            }
+         }
+
+      if (!ret)
+        {
+          g_prefix_error (error, "Can't verify commit %s: ", checksum);
          return FALSE;
        }
+      /* Clear non-fatal error */
+      g_clear_error (error);
    }

  /* If we found a legacy transaction flag, assume we have to scan.